Terraform "sensitive value" error when using the postgres module

[dmerrick]

TL;DR

When using 2.10.0 of the module, I get an error about using sensitive values in a for_each loop

Expected behavior

I expected the module to create my DB and not fail with an error

Observed behavior

The following error appears:

╷
│ Error: Invalid for_each argument
│
│   on .terraform/modules/my-db/modules/postgresql/main.tf line 254, in resource "random_password" "additional_passwords":
│  254:   for_each = local.users
│     ├────────────────
│     │ local.users has a sensitive value
│
│ Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a
│ resource instance key.
╵

Here is the line where it is failing.

Terraform Configuration

module "my-db" {
  source  = "GoogleCloudPlatform/sql-db/google//modules/postgresql"
  version = "~> 20.1"

  project_id        = local.project_id
  name              = "my-db"
  database_version  = "POSTGRES_15"
  region            = "us-central1"
  availability_type = "REGIONAL"
  tier              = local.database_tier
  disk_size         = local.database_size

  deletion_protection_enabled = true

  backup_configuration = {
    enabled                        = true
    start_time                     = "20:55"
    retained_backups               = 7
    retention_unit                 = "COUNT"
    point_in_time_recovery_enabled = true
    transaction_log_retention_days = 7
  }

  additional_databases = [
    {
      name      = "a"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
    {
      name      = "b"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
    {
      name      = "c"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
    {
      name      = "d"
      charset   = "UTF8"
      collation = "en_US.UTF8"
    },
  ]

  user_name     = local.db_creds_admin.username
  user_password = local.db_creds_admin.password
  root_password = local.db_creds_root.password

  additional_users = [
    {
      name            = local.db_creds_d.username
      password        = local.db_creds_d.password
      host            = "localhost"
      random_password = false
    },
    {
      name            = local.db_creds_a.username
      password        = local.db_creds_a.password
      host            = "localhost"
      random_password = false
    },
    {
      name            = local.db_creds_b.username
      password        = local.db_creds_b.password
      host            = "localhost"
      random_password = false
    },
    {
      name            = local.db_creds_c.username
      password        = local.db_creds_c.password
      host            = "localhost"
      random_password = false
    },
  ]

}

Terraform Version

$ terraform version
Terraform v1.8.4
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v5.28.0
+ provider registry.terraform.io/hashicorp/google-beta v5.30.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.2

Additional information

Tried on terraform 1.7 and 1.8

Official docs on for_each and sensitive values

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[kevinjcash]

I am also running into this issue.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days